SAN Certificates - Subject Alternative Name

A Closer Look at the Subject Alternative Name Field

Subject Alternative Names (SAN), also known as Unified Communications Certificates (UCC), let a single SSL certificate protect multiple domains and host names. This also means that a single IP address can be used for several websites that each need their own SSL certificate protection.

SAN certificates have recently gained traction following the release of Microsoft Exchange Server 2007, which uses Subject Alternative Names to simplify server configuration. However, the Subject Alternative Name extension has been around since before 1999 as part of the X.509 certificate standard.

What can Subject Alternative Names do?

  • Implement SSL on Exchange Server 2007 and 2013 and simplify the SSL configuration. SAN certificates use one IP address. This results in one certificate for one IP address, greatly reducing the time and frustration involved in managing multiple certificates, each bound to a unique IP address, and then running numerous low-level PowerShell commands to get it all working.

  • Subject Alternative Names allow a number of specified domains to be protected by a single SSL certificate. They also allow host names with differing domain name extensions to be secured in one SSL certificate. For instance, while a wildcard certificate can protect all first-level subdomains on a single domain like *.domain.com, a wildcard cannot protect both www.domain.com and www.domain.org, whereas a SAN certificate can.

  • Host multiple SSL sites on a single IP address. This is ideal for virtual hosting or cloud hosting like Amazon AWS where, until recently, one IP address was allocated per server. Hosting multiple SSL-enabled sites on a single server traditionally required a unique IP address for each site; however, the advent of Unified Communications SSL certificates solved this limitation. Apache and Microsoft IIS are both capable of virtual hosting HTTPS sites using Subject Alternative Name certificates, also known as SAN certificates.
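
The wildcard versus SAN distinction from the list above, as an added example that is not from the original page or any vendor's code: a simplified hostname check in the style of RFC 6125, where a wildcard stands for exactly one leftmost label. The function names and both certificate name lists are constructed for illustration, and the check is a pre-deployment audit aid, not a replacement for a TLS library's verification.

```python
# Added example: simplified dNSName matching (RFC 6125 style).
# Certificate name lists and site names below are constructed sample data.

def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def entry_matches(pattern, hostname):
    """True if a single dNSName entry from a certificate covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # A wildcard replaces exactly one label, so label counts must agree.
    if "*" in hostname or len(p) != len(h):
        return False
    if p[0] == "*":
        rest = p[1:]
        # Refuse overly broad entries such as "*.com" and any second wildcard.
        if len(rest) < 2 or any("*" in label for label in rest):
            return False
        return rest == h[1:]
    # Partial ("w*.domain.com") or non-leftmost wildcards are refused here.
    return "*" not in pattern and p == h

def covered_by(san_names, hostname):
    """True if any dNSName entry in the certificate covers hostname."""
    return any(entry_matches(entry, hostname) for entry in san_names)

def uncovered(san_names, sites):
    """Sites that would fail name validation with this certificate."""
    return [s for s in sites if not covered_by(san_names, s)]

# Constructed sample: names carried by a wildcard cert and by a SAN cert.
WILDCARD_CERT = ["*.domain.com"]
SAN_CERT = ["www.domain.com", "www.domain.org",
            "mail.domain.com", "autodiscover.domain.com"]

# Constructed sample: virtual hosts planned for one IP address.
SITES = ["www.domain.com", "www.domain.org", "mail.domain.com",
         "a.b.domain.com", "domain.com"]

if __name__ == "__main__":
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, SITES))
    print("SAN cert misses:     ", uncovered(SAN_CERT, SITES))
```

Running the audit before binding a certificate to a multi-site server shows which virtual hosts still need an entry added to the SAN list.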